Listing of Claims; 

1 . (Currently Amended) A method of managing alerts issued by intrusion detection 
sensors (11a, lib, lie) of an information security system (4-) including an alert management 
system (44), each alert being defined by an alert identifier and an alert content, which m e thod 
includ e s the following steps the method comprising : 

associating with each of the alerts issued by the intrusion detection sensors 
(11a, lib, 11c) a description including a conjunction of valued attributes 
belonging to attribute domains; 

organizing the valued attributes belonging to each attribute domain into a 
taxonomic structure defining generalization relationships between said valued 
attributes, the a plurality of attribute domains thus forming a plurality of 
taxonomic structures; 

completing the description of each of said alerts with sets of values 
induced by the taxonomic structures based on th e basis of the valued attributes of 
said alerts to form complete alerts; and 

storing said complete alerts in a logic file system (24-) to enable them said 
complete alerts to be consulted; 

wherein each complete alert is saved in the logic file system as a file with 
a completed description of each complete alert expressed using propositional 
logic . 

2. (Currently Amended) The method according to claim 1, wherein the complete alerts 
are consulted by at least one of successively interrogating and and/or browsing said complete 
alerts so that the alert management system (44) responds to a request by supplying pertinent 
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valued attributes enabling a subset of complete alerts to be distinguished in a set of complete 
alerts satisfying the request ia-order to enable said request to be refined. 

3. (Currently Amended) The method according to claim 2, wherein the pertinent valued 
attributes assigned the a highest priority are those that are most general, given the taxonomic 
structures. 

4. (Currently Amended) The method according to claim 2, wherein the alert management 
system (44) further responds to the request by supplying alert identifiers satisfying the request 
and whose description cannot be refined with respect to said request. 

supplying al e rt identifi e rs satisfying th e r e qu e st and whos e description cannot b e r e fin e d with 
r e sp e ct to said r e quest. 

5. (Currently Amended) The method according to claim 1, wherein the alert identifier is a 
pair consisting of an identifier of the intrusion detection sensor (11a, lib, 11c) that produces the 
alert and an alert serial number assigned by said intrusion detection sensor. 

6. (Currently Amended) The method according to claim 1 , wherein the content of each 
alert includes a text message supplied by the a corresponding intrusion detection sensor £44% 
lib, 11c) . 

7. (Previously Presented) The method according to claim 1, wherein each valued attribute 
includes an attribute identifier and an attribute value. 
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8. (Currently Amended) The method according to claim 7, wherein each attribute 
identifier is associated with one of the following attribute domains: attack domain, attacker 
identity domain, victim identity domain[[,]] and attack date domain. 

9. (Currently Amended) The method according to claim 1, wherein the description of a 
given alert is completed by recovering^ recursively from generalization relationships of the 
taxonomic structures^ a set including the more general valued attributes not already included in 
the description of another alert completed previously. 

10. (Previously Presented) The method according to claim 1, wherein the valued 
attributes in the taxonomic structure are organized in accordance with an acyclic directed graph. 

1 1 . (Currently Amended) A computer-readable medium encoded with a computer 
program d e sign e d to e x e cut e th e m e thod according to claim 1, wh e n it is executed by a computer 
that causes the an alert management system (44) to manage alerts issued by intrusion detection 
sensors, the computer program comprising: 

program code for associating with each of the alerts issued by the intrusion 
detection sensors a description including a conjunction of valued attributes 
belonging to attribute domains: 

program code for organizing the valued attributes belonging to each 
attribute domain into a taxonomic structure defining generalization relationships 
between said valued attributes, a plurality of attribute domains forming a plurality 
of taxonomic structures; 
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program code for completing the description of each of said alerts with 
sets of values induced by the taxonomic structures based on the valued attributes 
of said alerts to form complete alerts; and 

program code for storing said complete alerts in a logic file system to 
enable said complete alerts to be consulted: 

wherein each complete alert is saved in the logic file system as a file with 
a completed description of each complete alert expressed using propositional 
logic . 

12. (Currently Amended) Alert management system for managing alerts issued by 
intrusion detection sensors (11a, lib, lie) , each alert being defined by an alert identifier and an 
alert content, which the system includ e s comprising : 

processor means for associating with each of the alerts issued by the 
intrusion detection sensors (11a, lib, 11c) a description including a conjunction 
of valued attributes belonging to attribute domains; 

processor means for organizing the valued attributes belonging to each 
attribute domain into a taxonomic structure defining generalization relationships 
between said valued attributes, the a plurality of attribute domains thus forming a 
plurality of taxonomic structures; 

processor means for completing the description of each of said alerts with 
sets of values induced by the taxonomic structures based on th e basis of the 
valued attributes of said alerts to form complete alerts; and 

processor means for storing said complete alerts in a logic file system 
to enable them said complete alerts to be consulted; 
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wherein each complete alert is saved in the logic file system as a file with 
a completed description of each complete alert expressed using propositional 
logic , 

13. (Currently Amended) Information security system comprising intrusion detection 
sensors and an the alert management system according to claim 12. 
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